Hacker News | bnj's comments

But that does have to do with privacy.

Apple wants to implement features that access data locally. It doesn’t want to allow competition for offering those features, but if it did, competitors may use that access to local data to exfiltrate.

So it is about both competition and, as a result of creating competition, privacy.


That's what Apple wants you to think. In reality it has nothing to do with privacy. Apple could let 3rd parties tap into these APIs but only after the user clicks away a big scary message telling the user they are leaving the comfort of the Apple curated garden.

This allows competition, but also allows privacy for those who want it. See? Simple really, but Apple being Apple doesn't want to let 3rd parties use its AI APIs and so we have this standoff.


Big scary warnings aren’t a solution either. I watch the way my son interacts with consent screens and warnings, and it’s barely believable- the average person is very well trained to click through the warnings.

Someone might believe that people who ignore the warnings deserve everything they get, but I respectfully disagree. I remember helping my grandma uninstall and remove all the hostile browser extensions that had tricked her into installing them. If Apple is protecting vulnerable populations by taking the choice out of the user's hands, even if it’s only profit motivated, I’m okay with that until someone presents an alternative that actually addresses those needs.


Apple is very good at “big scary warnings” that are also quite difficult to click through without knowing the correct steps to take. See also the EU alternative app stores, or running an unsigned app on macOS, or installing a device profile…

This is mostly wrong. The DMA has a process to determine if a service provider acts as a gatekeeper to the market, and let's be honest, if Apple is not one, then I don't know who else besides Google. So there is no privacy argument in there except Apple didn't want to design an interface that complies and is safe.

Apple is using Cloud compute as well to enable Siri AI.

If you want to you could still use Apple or another provider you decide to trust - or even one that does everything locally. The competition would still have to follow GDPR after all.


Apple PCC has been independently audited to be ultra secure.

Will the EU enforce the same for 3rd party integrations?


If Apple had e.g. required competitors to undergo similar independent audits that would probably be allowed as it is quite similar to how Apple solved the third party app store issue.

Are we sure the EU would allow that? Or would it be seen as a way to stifle competition?

I mean, Apple's PCC audits require them to individually vet each auditor before they're allowed to see the PCC nodes.

If Apple extended that philosophy to other vendors then yeah, it would be deliberately unfair and anticompetitive.


It sounds like they are whitelisting the hashes of all the Google software and OSes and stuff to ensure nothing is changed out from under them without them knowing.

Even if you could make all the other possible vendors run private cloud compute style stuff that would be a lot to manage.

And I can’t imagine the EU would like, and as a user I would certainly hate, the “OK you can use Grok but you lose all privacy too bad“ dialogue box they could make.


I don't even think it offers a meaningful degree of security. It's a form of theater, you have to be hand-selected to perform the audit that Apple promised.

Most sysadmins know that hash matching only mitigates a small subset of rare upstream attacks. Apple could still be MITMing the whole thing (SSL added and removed here :)) and no auditor would get the chance to check. The offered audit is so weak that I would not trust any FAANG business to administrate it.

Apple is once again demanding arbitrary centralization to give them an undeserved veto power. None of this is for security.


If they're not "hand-selected", what would be the way to select the auditors?

Just have an open house for anyone interested to come poke the hardware and software?


Have a set of clearly-defined requirements that doesn't randomly reject valid candidates? Nobody wants another opaque system like the App Store review process.

By the sound of it, Apple's offered audit doesn't include insight into the most dangerous parts of a system like this. This could easily lead to a situation where real security experts are denied access to promote influencer-adjacent Yes Men who rubberstamp the hashes matching without any question.

Hence my concern for "SSL added and removed here" - none of Google's famously backdoored infrastructure will be audited. For privacy purposes, Apple's promise is woefully incomplete.


That's a very bad faith reading on what Apple said.

How I understood it is that they want _actual_ security researchers, not some random dude who once installed Kali Linux and ran nmap.

It's state of the art private compute according to actual experts and everyone will be wasting their time if the "researchers" need to be coached through the process and explained the basics of the system's operation.


At this point the EU doesn’t trust Apple’s fair rules. Which is very much earned.

So if they did that here, I doubt the EU would accept it. And even if they did as soon as a competitor of any side/credibility cried foul I’m sure the EU would make life very hard for Apple to prove they’re not being unfair in even the tiniest way.


As I follow the situation, it seems that regulatory uncertainty is a major issue though- the EU’s requirements are framed in terms of outcomes sought, rather than in terms that can be quantitatively shown as met or broken. So it’s not a matter of dedicating a team to meet a list of requirements, but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met.

In this case it looks much simpler: Apple strictly does not want to open up the iOS platform to other competing agents, as they lose the monopolistic moat if they do. While making a true developer platform with good documentation is often hard and expensive, with the market access they'd get, companies would gladly jump on it even if it was badly documented as long as they have guarantees of continued legal access.

At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).

Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.


> imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork

That's not the case. It's merely software (exactly like my iPhone 16 lacking the promised AI features claimed at WWDC24).

Anyway, as I'm now within the EU with a phone I bought before moving to the EU, regional features (or restrictions) depend on the logged in account and device regional settings. Except physical considerations (eSIM design, actual radio transceivers). The hardware is the same, thank god.


Yeah, Siri was such a poor solution compared to Google (and Google's is also poor in EU) that no one would make a campaign.

If Siri wants to be seen as anything it should first support every EU language and they can work from there.


Those requirements are explicitly on the outcomes because companies like Apple used to abuse loopholes in previous, non-outcome defined laws. They, as always, have no one to blame but themselves.

It sounds like what you’re saying is that because the legislature can’t anticipate how companies will abuse loopholes, they sidestep that by outlining the outcomes instead.

The issue I have with that approach is that I don’t agree with that approach to governance. I believe it’s incumbent on the regulator to define what is acceptable vs. disallowed in unambiguous terms.


This is a spirit of the law vs letter of the law debate. Europe in general (I know it's not that easy) tends to go more towards Spirit of the Law. While the US usually tends more to letter of the law.

A lot of regulation is legally defined in terms of outcomes. That in itself isn't unusual. Checklists of technical requirements are almost always a derivative and a suggestion about a safe path to meet the regulated outcome. This is how "blessed" standards for e.g. medical devices work. This shields the laws themselves from overly technical discussions.

The only difference that I can see here is that the standards layer hasn't solidified yet.


That’s a good point. So maybe another point of divergence here is that the outcomes of the DMA are rooted in inherently unpredictable market interactions, whereas a medical device standard depends on the device performance and characteristics.

I don’t think it makes sense to create an accountability framework for a company that requires the cooperation of the market, because I think companies should be in a position to either comply or be held accountable on their own merits


That is fundamentally how EU law works

The intent matters, not the letter of the law. No loopholes, no bad faith interpretation. Just do what the law wants from you, if you make a mistake in good faith, you'll be given leeway to fix it.

> When interpreting EU law, the CJEU pays particular attention to the aim and purpose of EU law (teleological interpretation), rather than focusing exclusively on the wording of the provisions (linguistic interpretation). This is explained by numerous factors, in particular the open-ended and policy-oriented rules of the EU Treaties, as well as by EU legal multilingualism. Under the latter principle, all EU law is equally authentic in all language versions. Hence, the Court cannot rely on the wording of a single version, as a national court can, in order to give an interpretation of the legal provision under consideration. Therefore, in order to decode the meaning of a legal rule, the Court analyses it especially in the light of its purpose (teleological interpretation) as well as its context (systemic interpretation).

https://www.europarl.europa.eu/RegData/etudes/BRIE/2017/5993...


Thanks for sharing this, I didn’t realize that there was a fundamental philosophical divergence here- you’ve really helped me expand my thinking

> No loopholes, no bad faith interpretation.

The endless cookie banners would beg to differ.


> but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met

This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you


EU laws are written like this to give companies maximum freedom in how they implement their solutions, not to lay traps for them to fall into.

The criticism reads like people who don't understand a high trust society - which I don't think is actually the case here, more like assuming that the foreign guys are bad guys.

"They really don't try to fuck you over if you engage with them in good faith?"

"Yes, really."


Apple might not want to risk 10% of their global revenue on whether EU regulators like the outcome of their compliance efforts. And there isn’t any real risk of an EU based startup competing in this space like there would be in China.

There is a vast asymmetry in knowledge and capability to make those choices for most users. Most users will press agree and consent to things they don’t understand to get to the next screen, and while that would be terrible for the individuals I think it’s also important to look further at the ramifications because probably Apple would be blamed.

They can't under GDPR. The DMA is for market access - there are other laws for privacy. Those require use commensurate with what is needed for the service, so anyone who e.g. scraped all of a user's local info and stole it would be breaking EU privacy laws themselves.

This is not complicated. Even in the US, every other industry is regulated to your benefit, you're just used to it and haven't realised. Digital technology obviously needs to be too. And yes, you have to do it properly.


I like it, I think it’s sort of cool to see the different environments around Apple Park and be able to hear from a lot of different employees without having to watch a parade over the stage.

Acquired by ServiceNow in 2025 and now shuttering the service.

Plenty of comments about using an LLM to assist with this, and I was happy to be able to read about a learning experience where the stakes were pretty low and the feedback loop pretty tight. Thanks for writing it up; for me, it reminds me that some of the use cases where an LLM might be an efficient tool are also the places where it can be wise to take the opportunity to learn and sharpen new skills.


I totally agree. Don't get me wrong, LLMs helped a lot here, Copilot has been my trusty tool from the day it hit the market, but agents were not really a thing then. In general, my policy is to do it myself until it stops being fun, so as long as stuff doesn't feel like a slog, I'm still pretty productive all on my own.


Maybe the goal is to release something publicly every day, can’t get away from OpenAI announcements the last two weeks. Competing for mindshare.


They plan to go public. That’s why


If I read it right, the 4B ballpark figure is based on total annual per employee cost of 500k * 8000 employees, so the figure is actually 4B/year. 20B over five years.


This makes me think of the interface for one handed touch screen typing that was used in the movie version of Ender’s Game; it stuck with me as an example of a more touch friendly flexible input mechanism that really challenged how I thought about interfaces. Someone made an open source implementation of it but half the battle is getting these idioms to take root. I wish Apple would experiment more with novel touch interfaces in the way the article describes.


It’s insidious because you’re being required to agree to pay for a year of use, split monthly, but cannot decide to cancel during the term of the agreement without paying for use that you don’t want. Just because the terms are clear doesn’t mean it’s not an insidious pricing scheme.

If it were not insidious, it would be easy to answer the question: “what costs for Adobe are being covered by the early termination fee?” - but there aren’t any costs, the fee is a punishment to dissuade you from cancelling and hoping that you will miss the window to prevent automatic renewal.


I can understand not wanting to pay Adobe every month, but the commercial reality is that a month-long contract would have to be extraordinarily expensive, to offset the people who do only need it occasionally who'd otherwise be on an annual contract.

Is that predatory? Maybe, but is it worse for those users than only offering the $1k package they used to? Of course they're trying to get you hooked, pricing at a point to minify budget issues, and recurring year-round to avoid expense approvals. Educational licenses are also pretty predatory.

Don't get me wrong, they want your money; as much of it as they can extract. You don't have to play the game if you don't want to.


"commercial reality" is just executives deciding they don't like how the world really works, so they're going to change it out from under us

they'd monetize the open air of the earth if they could figure out the logistics


Yes, but it's theirs to monetize.

What post-scarcity utopia do you think you're living in?

The commercial reality is them finding the way to get the most from the market. This isn't a bizarre twist of software licensing, every company is doing this to you.


You are paying less monthly if you commit to annual pricing, if not, you can still pay monthly pricing which is higher. Commitment means you will likely be a paying customer for a year at the least and hence company gives you a discount. What’s the insidious aspect? The whole thing can be confusing, yes, but it does what it says.


For an Adobe Creative Cloud subscription? I just looked at their pricing page and could only locate "annual, billed monthly" options. If there's an actual monthly subscription which is just a little more expensive then I'd say the insidious aspect is in hiding it.

